feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

WIP

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2020-05-27 18:08:25 +02:00
committed by Unknown
parent a107688891
commit 73105305cf
4 changed files with 57 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/internal.c
View File

@ -6197,6 +6197,7 @@ void FreeKeyExchange(WOLFSSL* ssl)
ssl->async.freeArgs(ssl, ssl->async.args); ssl->async.freeArgs(ssl, ssl->async.args);
ssl->async.freeArgs = NULL; ssl->async.freeArgs = NULL;
} }
FreeBuildMsgArgs(&ssl->async.buildArgs);
#endif #endif
} }
@ -8351,8 +8352,9 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
} }
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
if (size + ssl->buffers.outputBuffer.length - ssl->buffers.outputBuffer.idx if (ssl->options.dtls &&
> ssl->dtls_expected_rx) { size + ssl->buffers.outputBuffer.length -
ssl->buffers.outputBuffer.idx > ssl->dtls_expected_rx) {
int ret; int ret;
WOLFSSL_MSG("CheckAvailableSize() flushing buffer " WOLFSSL_MSG("CheckAvailableSize() flushing buffer "
"to make room for new message"); "to make room for new message");
@ -15340,8 +15342,8 @@ int ProcessReply(WOLFSSL* ssl)
} }
else else
#endif #endif
if (ssl->buffers.inputBuffer.length - ssl->keys.padSz - if (ssl->buffers.inputBuffer.length -
ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) { ssl->buffers.inputBuffer.idx > MAX_PLAINTEXT_SZ) {
WOLFSSL_MSG("Plaintext too long"); WOLFSSL_MSG("Plaintext too long");
#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS) #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS)
SendAlert(ssl, alert_fatal, record_overflow); SendAlert(ssl, alert_fatal, record_overflow);
@ -16021,28 +16023,12 @@ int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
} }
#ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */ void FreeBuildMsgArgs(BuildMsgArgs* args)
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs)
{ {
BuildMsgArgs* args = (BuildMsgArgs*)pArgs; if (args) {
if (args->iv)
(void)ssl; XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);
(void)args; XMEMSET(args, 0, sizeof(BuildMsgArgs));
if (args->iv) {
XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT);
args->iv = NULL;
} }
} }
#endif #endif
@ -16057,9 +16043,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
BuildMsgArgs* args; BuildMsgArgs* args;
BuildMsgArgs lcl_args; BuildMsgArgs lcl_args;
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
args = (BuildMsgArgs*)ssl->async.args; args = &ssl->async.buildArgs;
typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
(void)sizeof(args_test);
#endif #endif
#endif #endif
@ -16107,9 +16091,6 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
args->sz = RECORD_HEADER_SZ + inSz; args->sz = RECORD_HEADER_SZ + inSz;
args->idx = RECORD_HEADER_SZ; args->idx = RECORD_HEADER_SZ;
args->headerSz = RECORD_HEADER_SZ; args->headerSz = RECORD_HEADER_SZ;
#ifdef WOLFSSL_ASYNC_CRYPT
ssl->async.freeArgs = FreeBuildMsgArgs;
#endif
} }
switch (ssl->options.buildMsgState) { switch (ssl->options.buildMsgState) {
@ -16486,10 +16467,7 @@ exit_buildmsg:
ret = args->sz; ret = args->sz;
/* Final cleanup */ /* Final cleanup */
FreeBuildMsgArgs(ssl, args); FreeBuildMsgArgs(args);
#ifdef WOLFSSL_ASYNC_CRYPT
ssl->async.freeArgs = NULL;
#endif
return ret; return ret;
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
@ -16882,7 +16860,8 @@ int SendCertificate(WOLFSSL* ssl)
#endif #endif
} }
sendSz += cipherExtraData(ssl); if (IsEncryptionOn(ssl, 1))
sendSz += cipherExtraData(ssl);
/* check for available size */ /* check for available size */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
@ -28231,6 +28210,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif #endif
} }
if (IsEncryptionOn(ssl, 1))
sendSz += cipherExtraData(ssl);
/* check for available size */ /* check for available size */
if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
return ret; return ret;

18
src/ssl.c
View File

@ -2642,7 +2642,7 @@ int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx)
/* do a secure renegotiation handshake, user forced, we discourage */ /* do a secure renegotiation handshake, user forced, we discourage */
static int _Rehandshake(WOLFSSL* ssl) static int _Rehandshake(WOLFSSL* ssl)
{ {
int ret; int ret, err;
if (ssl == NULL) if (ssl == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@ -2705,7 +2705,21 @@ static int _Rehandshake(WOLFSSL* ssl)
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
} }
ret = wolfSSL_negotiate(ssl);
do {
err = 0; /* reset error */
ret = wolfSSL_negotiate(ssl);
if (ret != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_PENDING_E) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
#endif
}
} while (err == WC_PENDING_E);
ssl->secure_rene_count++; ssl->secure_rene_count++;
return ret; return ret;
} }

3
tests/include.am
View File

@ -31,6 +31,9 @@ EXTRA_DIST += tests/test.conf \
tests/test-psk-no-id.conf \ tests/test-psk-no-id.conf \
tests/test-psk-no-id-sha2.conf \ tests/test-psk-no-id-sha2.conf \
tests/test-dtls.conf \ tests/test-dtls.conf \
tests/test-dtls-group.conf \
tests/test-dtls-reneg-client.conf \
tests/test-dtls-reneg-server.conf \
tests/test-dtls-sha2.conf \ tests/test-dtls-sha2.conf \
tests/test-sctp.conf \ tests/test-sctp.conf \
tests/test-sctp-sha2.conf \ tests/test-sctp-sha2.conf \

19
wolfssl/internal.h
View File

@ -3815,6 +3815,20 @@ typedef struct HS_Hashes {
} HS_Hashes; } HS_Hashes;
#ifndef WOLFSSL_NO_TLS12
/* Persistable BuildMessage arguments */
typedef struct BuildMsgArgs {
word32 digestSz;
word32 sz;
word32 pad;
word32 idx;
word32 headerSz;
word16 size;
word32 ivSz; /* TLSv1.1 IV */
byte* iv;
} BuildMsgArgs;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
#define MAX_ASYNC_ARGS 18 #define MAX_ASYNC_ARGS 18
typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs); typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
@ -3823,6 +3837,7 @@ typedef struct HS_Hashes {
WC_ASYNC_DEV* dev; WC_ASYNC_DEV* dev;
FreeArgsCb freeArgs; /* function pointer to cleanup args */ FreeArgsCb freeArgs; /* function pointer to cleanup args */
word32 args[MAX_ASYNC_ARGS]; /* holder for current args */ word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
}; };
#endif #endif
@ -4603,6 +4618,10 @@ WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_LOCAL void FreeBuildMsgArgs(BuildMsgArgs* args);
#endif
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
const byte* input, int inSz, int type, int hashOutput, const byte* input, int inSz, int type, int hashOutput,
int sizeOnly, int asyncOkay, int epochOrder); int sizeOnly, int asyncOkay, int epochOrder);